KWallet: Unterschied zwischen den Versionen
| Zeile 30: | Zeile 30: | ||
* So now I just log in, type in my Kwallet password, and KeePass opens as well. | * So now I just log in, type in my Kwallet password, and KeePass opens as well. | ||
== Sicherheit == | === Sicherheit === | ||
* There’s a security issue with this script, which can be reduced by not using the password directly on the comment line. | * There’s a security issue with this script, which can be reduced by not using the password directly on the comment line. | ||
* There are two methods below, YMMV, but I ended up with this hybrid: | * There are two methods below, YMMV, but I ended up with this hybrid: | ||
Version vom 24. Oktober 2020, 18:09 Uhr
Linux:Plasma5:KWallet:Login
KWallet beim Login entsperren
Voraussetzungen
- Benutzerpasswort und KWallet-Passwort müssen identisch sein
- TODO: apt mit relevanten Paketen
Konfiguration
# vi /etc/pam.d/sddm
Hinzufügen / anpassen:
auth optional pam_kwallet5.so session optional pam_kwallet5.so auto_start
KeePassXC
#!/bin/bash # startup keepass with a password from KWallet walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass) #open Keepass mono /opt/KeePass2/KeePass.exe --lock & #give keepass enough time to actually open, otherwise results are inconsistent sleep 3 # Tell keypass to open your password database mono /opt/KeePass2/KeePass.exe "/home/user/Dropbox/keepass/passwords.kdbx" -pw:$walletkey
- Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
- So now I just log in, type in my Kwallet password, and KeePass opens as well.
Sicherheit
- There’s a security issue with this script, which can be reduced by not using the password directly on the comment line.
- There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash # startup keepass with a password from KWallet walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass) dbpath="/home/user/Dropbox/keepass/passwords.kdbx" echo "$walletkey" | mono /opt/KeePass2/KeePass.exe $dbpath --pw-stdin
- This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed.
- Still not 100%, but security is always a tradeoff between ease of use and effectiveness.
Anwendungen
#!/usr/bin/env bash # set -xv # exec 1>~/keepass.sh.log 2>&1 echo opening KeepassXC ... kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx & echo opening volume geschäftlich ... kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ & echo opening volume privat ... kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &
Links
Intern
TDOD